RAR false negatives

Former Member
0 Kudos

I have 2 instances of GRC RAR (sp13) pointed to the same backend systems, and functions/risks identical (imported from same source). The issue is that on one of the instances, critical risks (for a user) are found and on the other they are not, and the user does have the risk. Any ideas?

Accepted Solutions (0)

Answers (7)

Former Member
0 Kudos

And to answer before someone suggests it, I also deleted both the function(s) and the risk, regenerated the rules and then created (by hand) the function(s) and risks and updated the rules... no difference.

Former Member
0 Kudos

I have done as you suggested twice... when you compare the rules on screen, they appear identical. And yes, I am using logical systems on both instances; when I bring over the functions, risks, rules, etc., I am also bringing over the connectors and logical systems.

Former Member
0 Kudos

At this point the only thing I checked was critical actions and critical permissions, and they both show false negatives. I suspect that SOD checks will also have issues. It doesn't happen every time on every risk, but is repeatable. In other words, a particular risk will show false negatives and will always show false negatives, while one that doesn't won't ever show a false negative.

Former Member
0 Kudos

Try to download the rules from the GRC instance where it is coming out correct and upload them to the other instance where it is showing the problem. Regenerate the rules and check if the issue still persists. So far it seems there is some issue in the rules themselves.

Are you using a logical system?

Regards,

Sabita

Former Member
0 Kudos

As I stated, ALL report parameters are identical and are set to ignore nothing, all user types, no critical roles/profiles defined, etc.

Former Member
0 Kudos

Is this issue occurring only for critical risks, or for SOD and critical permission risks as well?

Regards,

Sabita

Former Member
0 Kudos

I forgot, the report parameters are identical as well.

Former Member
0 Kudos

Hi Jack,

What is the user type? Sometimes it happens that under RAR --> Configuration --> Risk analysis --> Default value we ignore Service users or other types; in that case the risk will not appear.

Check it in both GRC Servers.

Regards,

Sabita

Former Member
0 Kudos

Of course the risks are maintained... I think you probably meant enabled, and yes they are. Like I said, when you look at the risk or rule or function, they are identical... but one instance works and one does not.

Former Member
0 Kudos

Check if the critical actions are maintained in the other system; also check the report type parameters.

Regards,

Chinmaya